- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 14 Feb 2008 10:10:23 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Feb 14, 2008, at 5:11 AM, Julian Reschke wrote: > Julian Reschke wrote: >> Hm. >> Sending an incomplete Allow header will affect clients that use >> it. WebDAV clients certainly use it to check for features, and I >> wouldn't be surprised if some AtomPub clients did as well (to >> check for PUT). >> So it seems it *is* harmful not to send the header, or just to >> send an incomplete list. >> From a client's p.o.v., given the choice between an incorrect >> list and no list at all, I'd prefer the latter, though. > > ...what I said really applies to successful OPTIONS requests, not > Allow in 405 response though... Right -- I was going to say that yesterday but spent it on other things. Personally, I don't care whether it is a SHOULD or a MAY, but I don't know of any software that checks the 405 message's Allow field. I do know that Apache can't ensure completeness on its own because a method might be disallowed by one part of the server (access control) even if the resource is handled by code that might accept any method (e.g., CGI). We would have to change the CGI interface (or restrict it to known methods) to satisfy the original requirement. What we might want to say is that the Allow field MUST be present if the response comes from the origin server, and MUST NOT be present if the method was disallowed by some intermediary without contacting the origin server. That does provide useful information even when incomplete. ....Roy
Received on Thursday, 14 February 2008 18:10:38 UTC